From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Fri, 31 Oct 2025 19:27:48 +0000 (-0300)
Subject: [PATCH] lib: add TLSSocket default error handler
X-Git-Tag: archive/raspbian/20.19.2+dfsg-1+rpi1+deb13u1^2~6
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:tmurad%40gmail.com//%22mailto:i18n-csb%40linuxcsb.org/%22/%22http:/www.example.com/%22mailto:tmurad%40gmail.com/%22mailto:i18n-csb%40linuxcsb.org/%22?a=commitdiff_plain;h=28b60d2897df2aed9e4359d46d23a75c5a7e7057;p=nodejs.git

[PATCH] lib: add TLSSocket default error handler

This prevents the server from crashing due to an unhandled rejection
when a TLSSocket connection is abruptly destroyed during initialization
and the user has not attached an error handler to the socket.
e.g:

```js
const server = http2.createSecureServer({ ... })
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```

PR-URL: https://github.com/nodejs-private/node-private/pull/797
Fixes: https://github.com/nodejs/node/issues/44751
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
CVE-ID: CVE-2025-59465

Gbp-Pq: Topic sec
Gbp-Pq: Name 34-lib-add-tlssocket-default-error-handler.patch
---

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index c3e48a6cb..d9c7e3217 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1268,6 +1268,7 @@ function tlsConnectionListener(rawSocket) {
   socket[kErrorEmitted] = false;
   socket.on('close', onSocketClose);
   socket.on('_tlsError', onSocketTLSError);
+  socket.on('error', onSocketTLSError);
 }
 
 // AUTHENTICATION MODES